spectrocloud · nianyush · May 16, 2024 · May 16, 2024
diff --git a/.arg.template b/.arg.template
@@ -22,3 +22,4 @@ CIS_HARDENING=true
 # UKI_BRING_YOUR_OWN_KEYS=false         # See sb-private-ca/howto.md for instructions on bringing your own certiticates
 # INCLUDE_MS_SECUREBOOT_KEYS=true       # Adds Microsoft Secure Boot certificates; if you export existing keys from a device, you typically won't need this
 # AUTO_ENROLL_SECUREBOOT_KEYS=false     # Set to true to automatically enroll certificates on devices in Setup Mode, useful for flashing devices without user interaction
+# UKI_INSTALL_ALL_FW=false              # Set to false if you don't want to install extra firmware which would increase image size
diff --git a/Earthfile b/Earthfile
@@ -54,6 +54,7 @@ ARG IS_UKI=false
 ARG INCLUDE_MS_SECUREBOOT_KEYS=true
 ARG AUTO_ENROLL_SECUREBOOT_KEYS=false
 ARG UKI_BRING_YOUR_OWN_KEYS=false
+ARG UKI_INSTALL_ALL_FW=true
 
 ARG CMDLINE="stylus.registration"
 ARG BRANDING="Palette eXtended Kubernetes Edge"
@@ -666,6 +667,12 @@ base-image:
 
             RUN rm -rf /var/cache/* && \
                 apt-get clean
+        ELSE
+            IF [ "$UKI_INSTALL_ALL_FW" = "false" ]
+                RUN modulesextra=$(dpkg-query -W -f='${Package}\n' | grep '^linux-modules-extra-' | head -n 1) && \
+                    linuximage=$(dpkg-query -W -f='${Package}\n' | grep '^linux-image-generic-hwe-' | head -n 1) && \
+                    apt-get purge -y --auto-remove --allow-remove-essential linux-firmware wireless-regdb $linuximage $modulesextra
+            END
         END
 
         IF [ "$CIS_HARDENING" = "true" ]
@@ -743,6 +750,8 @@ base-image:
             if grep "selinux=1" /etc/cos/bootargs.cfg > /dev/null; then sed -i 's/selinux=1/selinux=0/g' /etc/cos/bootargs.cfg; fi
     END
 
+    SAVE IMAGE palette-base-image:$IMAGE_TAG
+
 # Used to build the installer image.  The installer ISO will be created from this.
 iso-image:
     FROM --platform=linux/${ARCH} +base-image